willkline.com

Privacy Policy

Last updated: 2026-04-24

This policy explains what willkline.com collects, why, and what you can do about it. It covers the main site (willkline.com), the auth bridge (auth.willkline.com), and any satellite brand site running the WillKline SSO middleware.

What we collect

Account data — when you sign in with a magic link we store your email address and a Supabase-issued user id. If you become a member we also store the Stripe customer id, subscription status, and current tier.

Session data — a signed, HttpOnly cookie holding an HS256 JWT with your user id, tier, and entitlements. It expires after seven days.

Usage data — if you opt in, PostHog records which pages you visit and which buttons you click. Vercel Analytics records aggregate page-view counts without cookies. No mouse-movement or session-replay is captured.

Error data — Sentry collects stack traces when the site crashes. Requests are scrubbed of query params that look like secrets.

What we don't collect

We do not sell data, share it with advertising networks, or build marketing profiles. We do not track you across sites you don't own. We do not read the contents of files you upload outside of what's strictly required to serve them back to you.

Who we share it with

Data is processed by the vendors that run the stack: Supabase (database + auth), Vercel (hosting + analytics), Stripe (payments), Fastmail (transactional email), PostHog (product analytics, opt-in only), Sentry (errors), BetterStack (uptime). Each is bound by its own DPA and we never grant them more access than the service needs.

Your rights

You can request an export or deletion of your account data at any time by emailing willkline@willkline.com. We respond within 30 days. EU/UK residents have the rights described in GDPR Article 15-22; California residents have the rights described in CCPA §1798.100-1798.150.

Retention

Account rows live as long as the account exists. Webhook event logs are kept 90 days. Aggregate analytics are kept indefinitely but are not tied to your identity after deletion.

Changes

Material changes to this policy will be announced by email to active members at least 14 days before they take effect.

Questions? willkline@willkline.com